1
Common Cause Failure Analyses by Using the Decomposition Approach
Dae IL Kang1), Sang Hoon Han1), and Jin Hee Park1)
1) Integrated Safety Assessment Center, KAERI, 1045 Daedeokdaero, Yuseong-Gu, Daejon, KOREA
ABSTRACT
The most common cause failure (CCF) analysis using the parametric models is performed based on a symmetry assumption that the probabilities of similar events involving similar components are the same. However, there are many cases where the CCF events show a tendency toward asymmetries. An example of these asymmetries is the case of differently operating components such as in a cooling water system. In this paper, we derived the general formulas for a modeling and parameter estimation of asymmetrical CCF events by using the decomposition approach. The total failures of a component including the CCFs were divided into their symmetry part and asymmetry part. Based on the assumption that the CCFs of each divided part were the symmetrical CCF events within them, the Alpha Factor method was employed for the derivation of formulas for modeling and parameter estimation for the asymmetrical CCFs. The derived formulas were applied to the CCF analysis of the three emergency diesel generators (EDGs) of Ulchin Unit 3. The historical CCF data used for the Alpha Factor estimation was the ICDE database. For a comparison, we quantified the EDG system unavailability of the 1 out of 3 success criterion by using the conservative method and the decomposition approach. For the case where the conservative method was used, the system unavailability was estimated as 1.801E-3. For that where the decomposition approach was used, it was estimated as 1.742E-3. The system unavailability estimated by the former method was increased by 3.4% in a comparison with the latter method.
INTRODUCTION
A common cause failure (CCF) event is defined as a dependent failure event in which two or more component fault states exist simultaneously, or within a short time interval, and are a direct result of a shared cause [1,2,3]. As plant specific CCF events are rare, a parameter estimation for a CCF analysis has to mostly rely on experience data from other nuclear power plants (NPPs).
The most CCF analysis using the parametric models is performed based on a symmetry assumption that the probabilities of similar events involving similar components are the same [3]. However, there are many cases where the CCF events show a tendency toward asymmetries. These asymmetries may come from the differences of a design, operation, environment, etc. among the components in the same common cause component group (CCCG). A CCCG is a set of components that are considered to have a high potential for a failure due to a common cause (with several different common cause being possible). An example of these asymmetries is the case of differently operating components such as in a cooling water system. At a power operation of nuclear power plants (NPPs), one or more than one cooling water system pump is in a running state and the other cooling water pumps are in a standby state. The development of a fault tree model for these cooling water system pumps should include the CCF events of “fails to run” for them. If the CCFs, for all the cooling water pumps, were to be treated as symmetrical events without a consideration of their operating differences, the probability of the CCF events of “fails to run” would be over-estimated in a comparison with the actual CCF probability. If the difference between the CCF events for the components in a running and standby state are ignored, they would be under-estimated in a comparison with it.
In this paper, we derived the general formulas for a modeling and parameter estimation of the asymmetrical CCF events by using the decomposition approach [4]. The decomposition approach has been used in many areas such as a fault tree analysis, a human reliability analysis (HRA), Level 2 probabilistic safety assessment (PSA), etc. With the same approach as other areas of a PSA, the total failures of a component including the CCFs were divided into their symmetry part and asymmetry part. Based on the assumption that the CCFs of each divided part were the symmetrical events within them, the Alpha Factor method was employed for a derivation of the formulas for a modeling and parameter estimation for the asymmetrical CCFs. Previous studies [3, 5], for the case where there are differently operating ‘m’ redundant components, considered the CCFs disabling only all ‘m’ redundant components supposing that there is no CCFs of “fails to run” of ‘m-1’ and below redundant components between running and standby components. In this study, the symmetrical CCFs includes all possible CCFs affecting all redundant components such as triple and quadruple CCFs of “fails to run” between running and standby pumps. The asymmetrical CCFs include all possible CCFs affecting only specific components.
The derived formulas were applied to the CCF analysis of the three emergency diesel generators (EDGs) of Ulchin Unit 3 located at Korea. The three EDGs consist of two onsite EDGs and one Alternate AC (AAC) EDG. The AAC EDG is almost the same as the onsite EDGs except for some subsystems. The historical CCF data used for the Alpha Factor estimation was the ICDE database [1]. For a comparison, we quantified the EDG system unavailability of the 1 out of 3 success criterion by using the conservative method and the decomposition approach. The remainder of this paper is organized as follows. Section 2 presents the method for estimating the Alpha Factor parameters using the decomposition approach. Section 3 presents the application results. Section 4 presents the conclusions.
METHOD FOR AN ESTIMATION OF THE ALPHA FACTORPARAMETERS USING THE DECOMPOSITION APPROACH
In this section, the method for estimating the Alpha factors using the decomposition approach is presented. In the first subsection, parametric representation of a CCF probability by using the alpha Factor method is described. In the second subsection, the general formulas for estimating the probability for the asymmetrical CCF events are introduced.
Parametric representations of a CCF probability by using the Alpha Factor method
The probability of a CCF event involving k specific components in a CCCG of size m for a staggered testing scheme, Qk(m), is calculated by using the following equation [2, 3]:
Qk(m) = (αk(m)
/ m-1Ck-1) * QT (1)
where, Qt represents the total failure probability of a component in a CCCG due to all independent and common cause events and αk(m)
is the fraction of the total frequency of the failure events that occur in the system involving the failure of k components due to a common cause. Qt and αk
(m)
are represented as [2, 3]:
QT =
∑
= m
k1
m-1Ck-1* Qk(m) (2)
αk (m)
= nk /(
∑
= m
j1
nj) (3)
where, nj represents the sum of the j-th element of the impact vector, over all the events and n1 is sum of the first element and the adjusted independent events. Adjusted independent events are estimated by considering a difference of the system size between the original plant and the target plant.
For the case of a non-staggered testing scheme, the following formula is used [2, 3]:
Qk(m) = (k / m-1Ck-1)(αk / αT) * QT = (m/mCk)*(αk / αT) * QT(m) (4)
αt =
∑
= m
k 1
[k * αk] (5)
The general formulas for estimating a probability for the asymmetrical CCF events
Suppose a system consisting of similar ‘M’ components. Similar ‘M’ components have causes that can trigger asymmetrical failure events. They are assumed to be classified into two component groups according to the small differences of their operation environments, design characteristics, or etc. The first component group is called ‘primary components’ which have a large number of components with the same operation environments, design characteristics, or etc. The number of primary components is ‘m’. The other group is called ‘secondary components’. The number of secondary components is ‘n’. ‘M’ is the sum of ‘m’ and ‘n’. ‘m’ is in general equal to or greater than ‘n’.
If all the failure events for the ‘M’ components are assumed to be symmetrical, from Eq.(3), the total failure probability of a component in a CCCG due to all the independent and common cause failures is given by,:
QT(m+n) =
∑
+
=
n m
k 1
m+n-1Ck-1Qk(m+n) (6)
where, Qk (m+n)
is the probability of a CCF event involving k specific components in a CCCG of size ‘m +n’. For the case where the CCF data can be classified into symmetrical and asymmetrical events, the total failure probability of any component among the primary and the secondary components can be expressed as the following equations, respectively:
QT(m) (primary components) = Qc T + Qp T (7)
QT (n)
(secondary components) = Qc T + Q s
T (8)
where, QT (m)
represents the total failure probability of a primary component, and QT (n)
3
between the total failure probability of any component of the primary and the secondary components. Thus, the relationship between the total failure probability of a component for ‘M’, ‘m’, and ‘n’ components can be expressed as:
QT(m+n) ≈ QT(m) ≈ QT(n) (9)
By using Eq. (1) and Eq.(9), Qc T, QpT, and QsT can be represented as follows:
Qc T ≈ QT(m+n) ≈
∑
+
=
n m
k 1
m+n-1Ck-1Qck(m+n) (10)
QpT ≈
∑
=
m
k 1
m-1Ck-1Qpk(m) ≈
∑
= m
k 2
m-1Ck-1Qpk(m) (11)
QsT ≈
∑
=
m
k 1
m-1Ck-1Qsk(n) ≈
∑
= m
k 2
m-1Ck-1Qsk(n) (12)
For the case where a component test is performed in the staggered way, Qck(m+n), Qpk(m), and Qsk(n) are represented as the following equations:
Qck(m+n) = (αck(m+n) / m+n-1Ck-1) * QT(m+n) (13)
Qpk(m) = (αpk(m) / m-1Ck-1) * QpT (14)
Qsk(n) = (αsk(n) / n-1Ck-1) * QsT (15)
By using the definitions of the Alpha factors of Eq.(3), αck(m+n), αpk(m), and αsk(m) of Eq. (13), Eq.(14), and Eq.(15) are defined as the following equations:
αc
k(m+n) = nck /
∑
+
=
n m
k 1
nck (16)
αpk(m) = npk /
∑
= m
k 1
npk (17)
αsk(n) = nsk /
∑
=
n
k 1
nsk (18)
where, the parameters of Eq.(16), Eq(17), and Eq.(18) are defined in the Nomenclature Section. It is difficult to
estimate QpT and
∑
= m
k 1
npk. Thus, let us try to represent Qpk(m) by using the data available, nck and QT(m+n).
Suppose that the number of test for the system is ‘ND’, the total probability of a component consisting of ‘m+n’ redundant components and that of ‘m’ redundant components is given by the following equations [2, 3]:
QT(m+n) ≈
∑
+
=
n m
k 1
(nck /((m+n)*ND)) (19)
Q pT ≈
∑
= m
k 1
(npk /(m*ND)) (20)
By using Eq.(13), Eq.(14), Eq.(16), Eq.(17), Eq.(19), and Eq.(20), Eq(14) can be rearranged as follow:
Qpk (m)
≈ (1/m-1Ck-1) *((m+n)/m)*(n p
k /
∑
+
=
n m
k 1
nck)*QT
(m+n) (21)
Qsk(n) ≈ (1/n-1Ck-1) *((m+n)/n)*(nsk /
∑
+
=
n m
k 1
nck)*QT(m+n) (22)
As defined in Eq.(3), the Alpha Factor parameters are dependent on not only the number of CCF events but also the number of independent failure events. If the CCF events in the CCF database were classified into some groups, the corresponding independent failure events should also be classified into them. However, it is not easy to identify independent failure events with the same failure cause for the classified CCF events because the CCF databases have too many independent failure events or have no detailed information on the causes of them. In this study, the number of independent failure events corresponding to the classified CCF events can be estimated based on the assumption that the number of CCF events is proportional to the number of independent failure events. The number of asymmetrical CCF events is estimated by using the following equation:
Estimated number of asymmetrical CCF events =
∑
= n
k 1
∑
= G
j1
Pkj/Gk (23)
where, n is the identified number of asymmetrical CCF events, G is the number of components within the same CCCG, and Pkj is the impairment vector of Gk.
APPLICATION RESULTS
The Alpha parameter estimation was performed by using the ICDE database. For a comparison, the decomposition approach and the conservative method were employed to quantify the EDG system unavailability. First subsection describes the ICDE database and the second subsection presents the EDGs of Ulchin Unit 3. In the third subsection, the application results of the developed general formulas from the previous section to the three EDGs are presented. In the fourth subsection, the estimation results of the alpha factors using the conservative method are presented. In the fifth subsection, the calculation results of a system unavailability are presented with the discussions on the use of the decomposition approach.
The ICDE database
The OECD/NEA initiated the ICDE Project to collect and to analysis CCF events [1]. Definitions and coding schemes for a qualitative and quantitative analysis of CCF events mainly rely on NUREG/CR-6268 [6]. Korea has participated in the ICDE Project since 2002. At the end of 2006, the ICDE provided the EDG data for the pressurized water reactors of the ICDE member countries. Number of PWR units in the ICDE database is 126. Total number of CCF events for the EDGs is 35 and that of the ICF events is 1,149.5. The ratio of the CCF events to the ICF events for the ICDE database is 0.0304. Among the CCF events of “fails to start”, 6 events were identified as complete failure events and 8 events were identified as partial failure events. For the case of “fail to run”, 4 events were identified as complete failure events and 17 events were identified as partial failure events. The number of independent failure events for “fails to start” is 710 and that for “fails to run” is 439.5.
The EDGs of Ulchin Unit 3
The Ulchin Unit 3 is a pressurized water reactor. When an offsite power and the two onsite EDGs of Ulchin Unit 3 are not available, one alternate AC (AAC) diesel generator is provided to supply power to one division of the Ulchin Units 3. The AAC is manually connected to only one 4.16kV Class 1E bus. It can also be connected to Ulchin Unit 4, 5, or 6. The EDGs of Units 3&4 and the AAC are manufactured by the same company, but they are designed differently. Different designed parts are the supporting systems such as the 125V DC, heating and ventilation, and cooling systems. As the basic events of the other EDGs for Ulchin Unit 4, 5, or 6 and the EDGs for Ulchin Unit 3 are not shown in the same cutsets, two onsite EDGs of Ulchin Unit 3 and the AAC were determined as the same CCCG, and its size was 3. For the case where there is a loss of off-site power disabling both units, the size of the CCCG for the EDGs is 5 [7].
Applications of the general formulas of the asymmetrical events to the EDGs
Let us call the two onsite EDGs of Ulchin Unit 3& 4 as EDG A and EDG B and the AAC as EDG C. Application of the method in the previous section mean that ‘M’ is 3, ‘m’ is 2, and ‘n’ is 1. The primary components are EDG A &B and the secondary components are EDG C. Thus, by using Eqs. (7), (8), (9), (10), (11), and (12), the unavailability of EDG A, B, C and their related parameters can be represented as follows:
QT ( EDG A ) = QT ( EDG B) ≈ Qc1 + 2Qc2 + Qc3+Qp2 (24)
QT ( EDG C) ≈ Qc1 + 2Qc2 + Qc3 (25)
c c
5
Qc2 = (αc
2 / 2) * QT , (27)
Qc
3 = αc3 * QT (28)
Qp2 = αp
2* QpT (29)
Qc2 and Qc3 are estimated based on the symmetrical CF events applicable to the three EDG A, B, and C. Qp2 is estimated based on the asymmetrical CCF events applicable to only EDG A and B. By using Eq.(21), Qp2 can be written as Eq. (30):
Qp2 = αp
2* QpT ≈ (3/2)*(np2 /(nc1+ nc2+ nc3)*QT= α’p2*QT (30)
where, np2 is the number of double CCF events applicable to only EDG A and B. nc1 is the number of independent failure events and, nc2 and nc3 are the CCF events applicable to the three EDG A, B, and C. α’p2 is represented by:
α’p2 = (3/2)*(np2 /(nc1+ nc2+ nc3) (31)
From the ICDE database [1], the CCF events applicable to only EDG A and B were identified. Table 1 shows the identified CCF events. By using Eq.(24), the ratios of the asymmetrical CCF events ( applicable to only EDG A and B) to total CCF events were estimated. The ratio of that for “fails to start” was estimated as 0.0714 and that of “fails to run” was 0.0032. Thus, it could be assumed that the ratio of the independent failure events applicable to the three EDGs to total independent events of “fails to start” is 0.9286 and that of “fails to run” is 0.9968.
Table 1. CCF events applicable to only EDG A and B
Failure Modes CCF Event ID Failure Causes Reasons
Fail to run 15475 Cooling water supporting system related Fail to run 15479 Cooling water supporting system related Fail to run 9006 Cooling water supporting system related
EDG C has self-cooling radiator. No need for cooling
water supporting system Fail to start 9049 Signal related EDG C manually started
Table 2 shows the impact vector estimated based on the independent failures and CCF events applicable to the three EDGs, EDG A, B, and C. Calculation of the independent failure events was performed by adding an adjusted independent event nc
1-indep to nc1-CCF. In Table 2, the adjusted independent events after a modification mean that the adjusted independent events are re-estimated with a consideration of the ratio of the independent failure events applicable to the three EDGs to the total independent events. Table 3 shows the estimated number of CCF events applicable to only EDG A and B. The probabilities of the independent failure events of “fail to start” and “fail to run” for the EDGs were estimated as 4.49E-2 and 5.76E-2, respectively. With the data of Table 2 and 3, the Alpha factors and CCF probability applicable to the three EDGs and to only EDG A and B were estimated as shown in Table 4.
Table 2. Estimated impact vector of the failure events applicable to the three EDGs - EDG A, B, and C
Fail to start Fail to run Average Impact Vector
CCCG=2 CCCG=3 CCCG=2 CCCG=3
Adjusted Independent. Events: nc1-indep 567.733 851.6 379.5 569.25
Adjusted Independent. Events after a
modification: nc1-indep 527.196 790.79 378.97 568.45 nc
1-CCF 5.436 4.543 5.806 7.19
nc2 5.907 3.611 3.897 1.52
nc3 4.703 3.391
Table 3. Estimated impact vector of the CCF events applicable to only EDG A and B
Average Impact Vector Fail to start Fail to run
np1 0 0.815
np
2 1 0.118
Table 4. Estimated Alpha factors and CCF probability using the decomposition approach
Fails to start Fails to run Alpha factors /
CCF
probability Alpha factors Total and CCF Probability Alpha factors Total and CCF Probability
Q1 ≈ QT Not applicable 4.490E-02 Not applicable 5.760E-02
αc
2, Qc2 4.519E-03 1.014E-04 2.651E-03 7.635E-05
αc3, Qc3 5.885E-03 2.589E-04 5.914E-03 3.406E-04
αp
’2, Qp2 1.877E-03 8.427E-05 3.087E-04 1.778E-05
The conservative method
For a comparison, we calculated the Alpha Factor parameters and the CCF probability using the conservative method. In the conservative method, the three EDGs were treated as the same component without a consideration of their design differences. Thus, the unavailability of each EDG is represented by Eq. (32). Q1, Q2, and Q3 are represented by Eq.(33), Eq.(34), and Eq. (35), respectively.
QT ( EDG A ) = QT ( EDG B) = QT ( EDG C) ≈ Q1 + 2Q2 + Q3 (32)
Q1 = α1 * QT ≈ QT, (33)
Q2 = (α2 / 2) * QT , (34)
Q3 = α3 * QT (35)
All the CCF events for the EDGs in the ICDE database can be applied to an estimation of the Alpha factors of the three EDGs. The Alpha factors and CCF probability were estimated as shown in Table 5.
Table 5. Estimated Alpha factors and CCF probability using the conservative method
Fails to start Fails to run Alpha factors
/CCF
probability Alpha factors Total and CCF Probability Alpha factors Total and CCF Probability
Q1 ≈ QT Not applicable 4.490E-02 Not applicable 5.760E-02
α2,Q2 4.170E-03 9.362E-05 4.3942E-03 1.265E-04
α3, Q3 6.590E-03 2.959E-04 6.2609E-03 3.606E-04
Calculation results of the system unavailability and the Discussions
The EDG system unavailability of the 1 out of 3 success criterion except for the supporting system and the events representing the unscheduled maintenance were calculated. Calculation results are shown in Table 7 with a description of the unavailability formulas for each EDG. For the case where the conservative method was employed, the system unavailability was estimated as 1.801E-3. For that where the decomposition approach was employed, it was estimated as 1.742E-3. Without a consideration of a change of the number of the independent failure events corresponding to the classified CCF events, it was estimated as 1.714E-3.
These study results show that there is small difference in the calculation results for the system unavailability using the conservative and the decomposition approaches. It is expected that this small difference may come from the small number of asymmetrical events as shown in Table 3. If the ratio of the asymmetrical CCF events to the total CCF events increases, the difference in the calculation results for the system unavailability by using the two methods will become larger.
7
component failure probability such as auxiliary feedwater system pumps with two motor driven pumps and one or two diesel or turbine driven pumps. They could be applied to the cases where the failure probability of a component in the same CCCG is almost the same and when the historical CCF events that have previously occurred could be classified into symmetrical and asymmetrical events.
Table 7. Calculation results of EDG system unavailability using the two methods
Methods
Unavailability formulas of EDG A
and B
Unavailability formulas of
EDG C
System unavailability- success criteria
(1/3)
Remarks
Conservative
method Q1 + 2Q2 + Q3 Q1 + 2Q2 + Q3 1.801E-3
All CCF events are considered for the estimation of Q2 and Q3
Decomposition approach
Qc1 + 2Qc2 + Qc3 +Qp
2 Qp2 is estimated based
on the CCF events applicable to only
EDG A&B.
Qc1 + 2Qc2 +
Qc3 1.742E-3
CCF events related to automatic signal and cooling water supporting system are excluded
for the estimation of Q c 2 and Q c 3.
CONCLUSIONS
In this paper, we derived general formulas for a modeling and parameter estimation of asymmetrical CCF events by using the decomposition approach. The total failures of a component including the CCFs were divided into their symmetry part and asymmetry part. Based on the assumption that the CCFs of each divided part were the symmetrical failure events within them, the Alpha Factor method was employed for a derivation of the formulas for treating the asymmetrical CCF events. The derived formulas were applied to the CCF analysis of the three emergency diesel generators (EDGs) at a Korean NPP site. The historical CCF data used for the Alpha Factor estimation was the ICDE database. For a comparison, we quantified the EDG system unavailability of the 1 out of 3 success criterion by using the conservative method and the decomposition approach. The system unavailability estimated by the former method was increased by 3.4% in a comparison with the latter method. The developed formulas in this study can be used for dealing with any asymmetrical CCF event with a consideration of a change of the number of the independent failure events corresponding to the classified CCF events. However, they can not be used for treating the CCF events among components with a different component failure probability such as auxiliary feedwater system pumps.
NOMENCLATURE
Qc T = total probability of a component due to the symmetrical failures caused by the same design, the same operation environment, etc. affecting both the primary and the secondary components
Qp T = total probability of a component due to the asymmetrical failures caused by the specific design, operation environments, etc. affecting only the primary components
QsT = total probability of a component due to the asymmetrical failures caused by the specific design, operation environments, etc. affecting only the secondary components
Qck (m+n)
= probability of a symmetrical CCF event involving k specific components affecting the primary and the secondary components.
Qpk (m)
= probability of an asymmetrical CCF event involving k specific components due to the characteristics of only the primary components
Qs
k(n) = probability of an asymmetrical CCF event involving k specific components due to the characteristics of only the secondary components
nck = number of symmetrical CCF events involving k specific components affecting the primary and the secondary components.
npk = number of asymmetrical CCF events involving k specific components due to the characteristics of only the primary components
nsk = number of asymmetrical CCF events involving k specific components due to the characteristics of only the secondary components
nc 1-indep = adjusted independent events nc
ACKNOWLEDGMENTS
This work has been carried out under the Nuclear R&D Program by the Ministry of Science and Technology of Korea.
REFERENCES
1. OECD Nuclear Energy Agency, “International Common-cause Failure data Exchange, ICDE General Coding Guidelines”, NEA/CSNI/R (2004)4, January 2004
2. Mee-Jung Hwang et al., “Guidance for Common Cause Failure Analysis (in Korean)”, KAERI/TR-2444/2003, KAERI, 2003
3. Mosleh et al., “Guidelines on Modeling CCF in PRA”, NUREG/CR-5485, 1998
4. Young G. Jo, “Modeling and Quantification of Common Cause Failures among Pumps with Different Operation Histories”, International Topical Meeting PSA’ 2005, page 1366~1374, 2005
5. Dae Il Kang and Sang Hoon Han, “Estimation of the Alpha Factor Parameters Using the ICDE Database (in Korean)”, KAERI/TR-3286/2006, KAERI, 2007
6. F. M. Marshall et. al., “Common-Cause Failure Data and Analysis System: Event Definition and Classification”, NUREG/CR-6268, 1998.
7. Woo Sik Jung, et al., “ A New Method to Evaluate Alternate AC Power Source Effects in Multi-Unit Nuclear Power Plants”, Reliability Engineering and System Safety, Vol.82, pp. 165~172, 2003
